Moscova. Jean-Jacques Lévy. March 23, INRIA Paris Rocquencourt

Transcription

1 Moscova Jean-Jacques Lévy INRIA Paris Rocquencourt March 23, 2011

2 Research team

3 Stats Staff Jean-Jacques Lévy, INRIA Karthikeyan Bhargavan, INRIA James Leifer, INRIA Luc Maranget, INRIA Francesco Zappa Nardelli, INRIA Ricardo Corin, INRIA Cordoba Gilles Peskine, INRIA Trusted logic Pierre-Malo Deniélou, INRIA Imperial College Jade Alglave, INRIA Oxford Nataliya Guts, MSR-INRIA Maryland Jérémy Planul, MSR-INRIA INRIA Rocquencourt MSR-INRIA Saclay (Cédric Fournet, MSRC) Moscova history: Para (1988, Head: Lévy), Moscova (2000, Head: Gonthier MSRC) 18 PhDs 75% Coq proof of the 4-color thm; debugging of 3 modules of Ariane-501 PV; spinoff of Polyspace [Alain Deutsch]; etc. Polytechnique (Lévy, prof ) MSR-INRIA Joint Centre (Head: Lévy)

4 Research themes

5 Research themes programming languages [safe marshalling, ott, like types] concurrency [jocaml, separation logic/c-minor/concurrency, weak memory models] security compilers and verifiers [secure sessions, audits, tls, information flow]

6 Research results

7 Example 1 Weak memory models memory models of multi-core processors give formal description of WMMs operational semantics of WMMs certified (back-end) compiler for some WMMs prove correctness of compiler optimisations in WMMs

8 Intel whitepaper (1/3) MP (message passing) [demo]

9 Intel whitepaper (2/3) SB (store buffers) [demo]

10 Intel whitepaper (3/3) WRC (write-to-read causality) [demo]

11 Event structures SB with SC (sequential consistency) In SC, program order is strictly respected. r1 = 1, r2 = 1 r1 = 1, r2 = 0 r1 = 0, r2 = 1 cyclic graph

12 Event structures SB with TSO (total store order) In TSO, W followed by R can be relaxed within program order r1 = 1, r2 = 1 r1 = 1, r2 = 0 r1 = 0, r2 = 1 r1 = 0, r2 = 0

13 Event structures MP with TSO/PSO (partial store order) In TSO, W followed by R relaxed r1 = 1, r2 = 0 Cyclic graph In PSO, W followed by W to distinct location relaxed r1 = 1, r2 = 0

14 Weak memory models axiomatic + operational models for Intel [ Cambridge] / Power [ INRIA] formalisation in HOL/Coq tests on real processor behaviour pes20/ppc-supplemental/ppc003.html formal proof of simple concurrent code (eg. Linux spinlocks) operational reasoning: data-race freedom, separation logic certified compiler for concurrent languages pes20/compcerttso [Zappa Nardelli, Maranget, Alglave, Braibant, Sewell et al] [POPL 09, CACM 10; DAMP 09, CAV 10, PLDI 11; TACAS 11; POPL 11]

15 Weak memory models Proving correctness of optimisations start start FENCE nop nop nop if ifso ifnot?? if ifso ifnot nop nop nop FENCE store return store return FENCE nop Fences elimination with TSO 3 klocoq

16 Example 2 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET

17 Example 2 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET

18 Example 2 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET

19 Simple exchange

20 Two-party negotiation

21 Three-party session

22 Visibility

23 No blind fork

24 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET

25 Example 3 Verified Crypto Protocol Implementations

26 Protocol Specifications in F7

27 Protocol Specifications in F7

28 TLS in F# [CCS 08, TOPLAS 10, APLAS 10, POPL 10, ESORICS 09, phd Guts 11]

29 Other works Acute type safed marshalling [Leifer, Peskine, Zappa Nardelli] OTT A semantics tool [Sewell, Zappa Nardelli] Scripting languages (Like types) [Zappa Nardelli] Jocaml (version 3; more portable, documentation) [Maranget, Mandel] Separation logic [Appel, Zappa Nardelli] Security through logs [Guts, Fournet, Zappa Nardelli] Information flow [Corin, Fournet, le Guernic, Planul, Rezk] Pattern-matching in Ocaml [Maranget]

30 Miscellaneous

31 Links Microsoft Research Cambridge through the MSR-INRIA Joint Centre Sewell et al at Cambridge, Computer Lab Indes, Celtique, PPS with ANR Parsec [Zappa Nardelli] Gallium for general discussion about programming languages Andrew Appel, Princeton Secsi, Cascade with ERC-Crysp [Bhargavan]

32 Software diy tool suite [Alglave, Maranget] OTT: a semantics tool [Sewell, Zappa Nardelli] CompCertTSO: certified compiler for TSO [Jagannathan, Sewell, Sevcik, Vafeiadis, Zappa Nardelli] S2ML FS2CV [Bhargavan, Corin, Deniélou] [Bhargavan, Corin, Zalinescu] F7 [Bhargavan] Jocaml [Maranget, Mandel] 5% Ocaml (pattern matching) [Maranget] Hévéa: an efficient translator of Tex into Html [Maranget]

33 Teaching MPRI (master course at Paris 7) [Zappa Nardelli, Leifer] École polytechnique [Maranget, Bhargavan,...Lévy ( )] lecture notes + web pages Entrance examination at Polytechnique [Maranget (4 years), Lévy (??-2009)] Bertinoro, IIT-Delhi, Tsinghua, etc.

34 Objectives for next years

35 Scientific goals Weak Memory Models ARM multi-core + xfer to industry automatic exploration of WMMs automatic synchronisation of programs certified compilation of C-like with C1x/C++0x WMM Security compilers and verifiers scalable tools to verify security of programs verified open source cryptographic libraries web applications with formal proofs of security

36 Organization INRIA

37 Organization INRIA

38 FIN 12 April 2011: